From cc45a55f437d199d2cd31d6486d69fc0400aee8e Mon Sep 17 00:00:00 2001
From: rabbit <18340247+crypticrabbit@users.noreply.github.com>
Date: Thu, 30 Jul 2020 16:35:28 -0400
Subject: [PATCH 1/2] `token_sequence` must be incremented in backups

Docs indicate that validators should backup `validator-keys.json`, and not edit the backup. This causes problems when validator operators generate new validation tokens using backups of the `validator-keys.json` file. Specifically:

1. Validator operator copies backup of `validator-keys.json` from backup location to validator
2. Operator generates a new token on validator
3. Operator deletes `validator-keys.json` from the validator

If the validator operator does not then increment the "token_sequence" in the backed up `validator-keys.json`, the next time the operator repeats the above three steps, their validations will be ignored by the network, as the resultant token will have a sequence number that is <= the last observed number.
---
 .../configuration/run-rippled-as-a-validator.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md b/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md
index 73eb47f409..18f4c8136b 100644
--- a/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md
+++ b/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md
@@ -72,7 +72,7 @@ In a location **not** on your validator: This file should be stored securely and not shared. - **Warning:** Store the generated `validator-keys.json` key file in a secure, offline, and recoverable location, such as an encrypted USB flash drive. Do not modify its contents. In particular, be sure to not store the key file on the validator where you intend to use the keys. If your validator's `secret_key` is compromised, [revoke the key](https://github.com/ripple/validator-keys-tool/blob/master/doc/validator-keys-tool-guide.md#key-revocation) immediately. + **Warning:** Store the generated `validator-keys.json` key file in a secure, offline, and recoverable location, such as an encrypted USB flash drive. Do not store keys on the validator where you intend to use the keys. If your `secret_key` is compromised, [revoke the key](https://github.com/ripple/validator-keys-tool/blob/master/doc/validator-keys-tool-guide.md#key-revocation) immediately. Do not modify the contents of `validator-keys.json`, except to increment the `token _sequence` after generating a new validation token using a copy of the file. For example, if you copy your secure, backed up `validation-keys.json` to your validator to generate a new token, generating the token will increase the `token_sequence` field. If you do not update the `token_sequence` field in your secure backup, then the next token you generate will have the same or lower sequence number as the token you are currently using. The network will ignore validations that have a sequence number that is less than the previously highest observed number. Alternately, simply copy `validator-keys.json` to your backup location every time you generate a new validation token, so your backup version has the correct `token_sequence`. 
For more information about the `validator-keys` tool and the key pairs it generates, see the [Validator Keys Tool Guide](https://github.com/ripple/validator-keys-tool/blob/master/doc/validator-keys-tool-guide.md). From b1e2aca8350773efa97e5004634ca7ad0996557d Mon Sep 17 00:00:00 2001 From: Rome Reginelli Date: Fri, 31 Jul 2020 10:10:36 -0700 Subject: [PATCH 2/2] Edit validator keys note per review --- .../configuration/run-rippled-as-a-validator.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md b/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md index 18f4c8136b..f2b3bfe378 100644 --- a/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md +++ b/content/tutorials/manage-the-rippled-server/configuration/run-rippled-as-a-validator.md 
@@ -72,7 +72,7 @@ In a location **not** on your validator: This file should be stored securely and not shared. - **Warning:** Store the generated `validator-keys.json` key file in a secure, offline, and recoverable location, such as an encrypted USB flash drive. Do not store keys on the validator where you intend to use the keys. If your `secret_key` is compromised, [revoke the key](https://github.com/ripple/validator-keys-tool/blob/master/doc/validator-keys-tool-guide.md#key-revocation) immediately. Do not modify the contents of `validator-keys.json`, except to increment the `token _sequence` after generating a new validation token using a copy of the file. For example, if you copy your secure, backed up `validation-keys.json` to your validator to generate a new token, generating the token will increase the `token_sequence` field. If you do not update the `token_sequence` field in your secure backup, then the next token you generate will have the same or lower sequence number as the token you are currently using. The network will ignore validations that have a sequence number that is less than the previously highest observed number. Alternately, simply copy `validator-keys.json` to your backup location every time you generate a new validation token, so your backup version has the correct `token_sequence`. + **Warning:** Store the generated `validator-keys.json` key file in a secure, offline, and recoverable location, such as an encrypted USB flash drive. Do not store keys on the validator where you intend to use the keys. If your `secret_key` is compromised, [revoke the key](https://github.com/ripple/validator-keys-tool/blob/master/doc/validator-keys-tool-guide.md#key-revocation) immediately. Do not modify the contents of `validator-keys.json`, except to update the backup after generating a new token. If you generate more than one token from the same backup without updating, the network ignores the later tokens because they use the same `token_sequence` number. 
For more information about the `validator-keys` tool and the key pairs it generates, see the [Validator Keys Tool Guide](https://github.com/ripple/validator-keys-tool/blob/master/doc/validator-keys-tool-guide.md).
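
Review bot: In [PATCH 1/2], the added warning text misspells two identifiers and states the rejection rule inconsistently. "`token _sequence`" has a stray space inside the code span, and "`validation-keys.json`" should be `validator-keys.json`, the file name used everywhere else in the paragraph. The sentence "The network will ignore validations that have a sequence number that is less than the previously highest observed number" does not cover the "same" case that the preceding sentence ("the same or lower sequence number") and the commit message ("<= the last observed number") both describe; wording such as "less than or equal to the highest previously observed number" would match. The example also has the operator copy the backup onto the validator right after the warning says "Do not store keys on the validator", so it is worth adding the commit message's step 3 (delete `validator-keys.json` from the validator once the token is generated) to the documented procedure.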
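
Review bot: In [PATCH 2/2], the shortened sentence "Do not modify the contents of `validator-keys.json`, except to update the backup after generating a new token" no longer tells the operator what to update or how. The previous revision named the field (`token_sequence`) and gave a concrete method (copy `validator-keys.json` back to the backup location after each new token); the new wording drops both, and "update the backup" reads as an exception to editing the file rather than as an instruction to replace the backup copy. Suggest stating the action directly, for example "After generating a new token, replace your backup with the updated `validator-keys.json` so its `token_sequence` stays current." The closing clause "because they use the same `token_sequence` number" should also say same as what (the token the network has already observed), since that comparison is what makes the later tokens ignored.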